質問編集履歴

2

2021/01/11 03:08

投稿

wellwell


test CHANGED
File without changes
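--- a/test
+++ b/test
@@ -13,3 +13,215 @@
  当方ではこれ以上は対処法がわかりませんでした。
 
  わかる方よろしくお願いします。
+
+
+
+ 追記
+
+ 試した関数
+
+ ```PowerShell
+
+
+
+ function enable-privilege {
+
+ param(
+
+ ## The privilege to adjust. This set is taken from
+
+ ## http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
+
+ [ValidateSet(
+
+ "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
+
+ "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
+
+ "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
+
+ "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
+
+ "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
+
+ "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
+
+ "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
+
+ "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
+
+ "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
+
+ "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
+
+ "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
+
+ $Privilege,
+
+ ## The process on which to adjust the privilege. Defaults to the current process.
+
+ $ProcessId = $pid,
+
+ ## Switch to disable the privilege, rather than enable it.
+
+ [Switch] $Disable
+
+ )
+
+
+
+ ## Taken from P/Invoke.NET with minor adjustments.
+
+ $definition = @'
+
+ using System;
+
+ using System.Runtime.InteropServices;
+
+
+
+ public class AdjPriv
+
+ {
+
+ [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+
+ internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
+
+ ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
+
+
+
+ [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+
+ internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
+
+ [DllImport("advapi32.dll", SetLastError = true)]
+
+ internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
+
+ [StructLayout(LayoutKind.Sequential, Pack = 1)]
+
+ internal struct TokPriv1Luid
+
+ {
+
+ public int Count;
+
+ public long Luid;
+
+ public int Attr;
+
+ }
+
+
+
+ internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
+
+ internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
+
+ internal const int TOKEN_QUERY = 0x00000008;
+
+ internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
+
+ public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
+
+ {
+
+ bool retVal;
+
+ TokPriv1Luid tp;
+
+ IntPtr hproc = new IntPtr(processHandle);
+
+ IntPtr htok = IntPtr.Zero;
+
+ retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
+
+ tp.Count = 1;
+
+ tp.Luid = 0;
+
+ if(disable)
+
+ {
+
+ tp.Attr = SE_PRIVILEGE_DISABLED;
+
+ }
+
+ else
+
+ {
+
+ tp.Attr = SE_PRIVILEGE_ENABLED;
+
+ }
+
+ retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
+
+ retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+
+ return retVal;
+
+ }
+
+ }
+
+ '@
+
+
+
+ $processHandle = (Get-Process -id $ProcessId).Handle
+
+ $type = Add-Type $definition -PassThru
+
+ $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
+
+ }
+
+
+
+ enable-privilege SeTakeOwnershipPrivilege
+
+ $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\powertoe",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
+
+ # You must get a blank acl for the key b/c you do not currently have access
+
+ $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)
+
+ $me = [System.Security.Principal.NTAccount]"t-alien\tome"
+
+ $acl.SetOwner($me)
+
+ $key.SetAccessControl($acl)
+
+
+
+ # After you have set owner you need to get the acl with the perms so you can modify it.
+
+ $acl = $key.GetAccessControl()
+
+ $rule = New-Object System.Security.AccessControl.RegistryAccessRule ("T-Alien\Tome","FullControl","Allow")
+
+ $acl.SetAccessRule($rule)
+
+ $key.SetAccessControl($acl)
+
+
+
+ $key.Close()
+
+
+
+ ```
+
+ 目的
+
+ 無人スリープタイムアウトを無効にするため
+
+ 'HKLM:\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\238c9fa8-0aad-41ed-83f4-97be242c8f20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0'
+
+ のキーを編集しようとしています。
+
+ 多数のマシンを設定するのでコマンドでの実行が必須の状況です。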
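Review bot: `EnablePrivilege` in the embedded C# assigns `retVal` three times and returns only the `AdjustTokenPrivileges` result, so a failed `OpenProcessToken` or `LookupPrivilegeValue` goes unnoticed. `AdjustTokenPrivileges` also returns true when the token does not hold the privilege (the last error is then ERROR_NOT_ALL_ASSIGNED), so the caller cannot tell whether SeTakeOwnershipPrivilege was really enabled before the `OpenSubKey` call, and the token handle is never closed. The version below checks each call, inspects the last error and closes the handle. Separately, the script leaves the key owned by a user account with FullControl; because it is meant to run on many machines, restoring the original owner and removing the rule after the edit would keep the key's protection intact. For the stated goal, `powercfg /setacvalueindex` with the setting GUID may avoid the ACL change entirely (to be confirmed on the target build).

```csharp
[DllImport("kernel32.dll")]
internal static extern bool CloseHandle(IntPtr h);

internal const int ERROR_NOT_ALL_ASSIGNED = 1300;

public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
{
    IntPtr htok = IntPtr.Zero;
    if (!OpenProcessToken(new IntPtr(processHandle), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok))
    {
        return false;
    }
    try
    {
        TokPriv1Luid tp;
        tp.Count = 1;
        tp.Luid = 0;
        tp.Attr = disable ? SE_PRIVILEGE_DISABLED : SE_PRIVILEGE_ENABLED;
        if (!LookupPrivilegeValue(null, privilege, ref tp.Luid))
        {
            return false;
        }
        if (!AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero))
        {
            return false;
        }
        // Success alone is not enough: the call succeeds even if the privilege is absent from the token.
        return Marshal.GetLastWin32Error() != ERROR_NOT_ALL_ASSIGNED;
    }
    finally
    {
        CloseHandle(htok);
    }
}
```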

1

2021/01/11 03:08

投稿

wellwell


test CHANGED
File without changes
test CHANGED
@@ -4,9 +4,7 @@
4
4
 
5
5
  レジストリキーの内、所有者がtrustedinstallerになっているものについて編集しようとした際、アクセス権で弾かれるのでアクセス権を取得しようと、下記ページのanswerに書いてある関数を試しました。
6
6
 
7
-
8
-
9
- https://social.technet.microsoft.com/Forums/en-US/e718a560-2908-4b91-ad42-d392e7f8f1ad/take-ownership-of-a-registry-key-and-change-permissions?forum=winserverpowershell
7
+ [リンク内容](https://social.technet.microsoft.com/Forums/en-US/e718a560-2908-4b91-ad42-d392e7f8f1ad/take-ownership-of-a-registry-key-and-change-permissions?forum=winserverpowershell)
10
8
 
11
9
 
12
10